Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In June 2023
CVE-2023-34488
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-12
CVE-2023-34494
NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-06-12
CVE-2023-23822
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ludwig Media UTM Tracker plugin <= 1.3.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-12
CVE-2023-30745
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-12
CVE-2023-30753
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Phan Chuong IP Metaboxes plugin <= 2.1.1.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-06-12
CVE-2022-38156
A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5. As an admin user, an attacker can send a crafted password in order to execute Linux commands as the root user.
CVSS Score
7.2
EPSS Score
0.003
Published
2023-06-12
CVE-2023-23819
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rolands Umbrovskis itemprop WP for SERP/SEO Rich snippets plugin <= 3.5.201706131 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-12
CVE-2023-34855
A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.
CVSS Score
4.8
EPSS Score
0.001
Published
2023-06-12
CVE-2023-23818
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Aviplugins.Com WP Register Profile With Shortcode plugin <= 3.5.7 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-06-12
CVE-2023-33253
LabCollector 6.0 though 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file (such as shell.jpg.php.shell) being sent.
CVSS Score
8.8
EPSS Score
0.363
Published
2023-06-12


Products
Pricing
Contact Us

Shodan ® - All rights reserved